class BlogPostsController < ApplicationController
  include AuthFuncs
  include TopicsHelper
  # GET /blog_posts
  # GET /blog_posts.json
  def index

    @topic = Topic.find_by_id(params[:topic_id])
    if @topic
      return deny_access unless @topic.allowed_to?(current_user)
      if signed_in?
        @blog_posts = BlogPost.visible_in_topic_to(@topic, current_user) || []
      else
        @blog_posts = BlogPost.public_visible.in_topic(@topic)
      end
    else
      # Не выбран топик, показываем все видимые публично
      @blog_posts = BlogPost.public_visible
    end

    respond_to do |format|
      format.html # index.html.erb
      format.json { render :json => @blog_posts }
    end
  end

  # GET /blog_posts/1
  # GET /blog_posts/1.json
  def show
    @blog_post = BlogPost.find(params[:id])
    return deny_access unless @blog_post && @blog_post.allowed_to?(current_user)

    respond_to do |format|
      format.html # show.html.erb
      format.json { render :json => @blog_post }
    end
  end

  # GET /blog_posts/new
  # GET /blog_posts/new.json
  def new
    @topic = Topic.find_by_id(params[:topic_id])
    return deny_access unless @topic && @topic.allowed_to_add?(current_user)

    @blog_post = BlogPost.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render :json => @blog_post }
    end
  end

  # GET /blog_posts/1/edit
  def edit
    @blog_post = BlogPost.find(params[:id])
    return deny_access unless @blog_post && @blog_post.allowed_to?(current_user)
  end

  # POST /blog_posts
  # POST /blog_posts.json
  def create
    @topic = Topic.find_by_id(params[:topic_id])
    return deny_access unless @topic && @topic.allowed_to_add?(current_user)

    @blog_post = BlogPost.new(params[:blog_post])
    @blog_post.user = current_user
    @blog_post.topic = @topic
    
    respond_to do |format|
      if @blog_post.save
        format.html { redirect_to @blog_post, :notice => 'Blog post was successfully created.' }
        format.json { render :json => @blog_post, :status => :created, :location => @blog_post }
      else
        format.html { render :action => "new" }
        format.json { render :json => @blog_post.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /blog_posts/1
  # PUT /blog_posts/1.json
  def update
    @blog_post = BlogPost.find(params[:id])
    return deny_access unless @blog_post && @blog_post.allowed_to?(current_user)

    respond_to do |format|
      if @blog_post.update_attributes(params[:blog_post])
        format.html { redirect_to @blog_post, :notice => 'Blog post was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render :action => "edit" }
        format.json { render :json => @blog_post.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /blog_posts/1
  # DELETE /blog_posts/1.json
  def destroy
    @blog_post = BlogPost.find(params[:id])
    return deny_access unless @blog_post && @blog_post.allowed_to?(current_user)

    @blog_post.destroy

    respond_to do |format|
      format.html { redirect_to blog_posts_url }
      format.json { head :no_content }
    end
  end
end
